The Five Eyes countries (Australia, Canada, New Zealand, the UK and the US) met in Canada in late June to discuss national security issues, particularly related to domestic terrorism. In light of the recent WannaCry ransomware attacks, encryption inevitably came up.
The Ministerial Communiqué contained language that could be troubling, and bears witness to an erosion of previous positions championed by the US Government. Previously, the NSA had affirmed that strong cryptography does more benefit to security than harm. This time, the communiqué noted that “that encryption can severely undermine public safety efforts.” While the commitment by the member states to cooperate with industry to find solutions, rather than driving top down regulations, is laudable, it represents a potentially damaging change.
Some Five Eyes law enforcement and national security organizations have always wanted to read their citizen’s mail, but the NSA has traditionally been a bulwark against this impulse. NSA’s rationale was that strong cryptography protected citizens better than the government can, and that the protections were better than offensive capabilities. Given former FBI Director James Comey’s assertion that 2017 could provide an opening for a renewal of the cryptography debate, this should have privacy aficionados and industry worried.
Academics and industry have consistently asserted that back doors, key escrow, or “golden keys” would erode privacy, reduce security, and hurt the ICT industry for limited gains by law enforcement. Recent leaks of sensitive CIA and NSA cyber tools reduce confidence that governments could be trusted to safeguard these cryptography-breaking tools as well. Further, if mass market, US-based solutions like iMessage, WhatsApp, or Skype were to give law enforcement access to all data, foreign providers from privacy-friendly jurisdictions or home-brewed systems would fill the needs of criminals and terrorists.
This would have the same effect as taking the locks off normal citizens’ doors, while criminals would fashion their own or acquire them in other markets.
